Security issues with Front End Server in a DMZ?
Posted on 2004-03-23
We currently have a Front End/Back End Exchange configuration which resides completely behind a firewall. It seems we are having to evaluate the option of sticking the FE server out in the DMZ for direct access to POP, IMAP, etc.
*Currently, all users access the corporate network via VPN for access to Exchange mail. Performance (speed) and accessibility issues have been expressed by a number of our users when connecting in this manner.
If we were to only to open the secure ports ->
443 - HTTP (SSL)
993 - IMAP4 (SSL)
995 - POP3 (SSL)
...what are the obvious security risks?
It appears to be a infrastructure design practice preached by MS and just need to be well-informed about any security before implementing. The FE is NOT a GC and has no mailbox store mounted...
thanks for any insight!